CLEANING UP MESS
Bruce Schneier, a well-known cryptologist and chief technology officer of Co3 Systems, called on Internet companies to issue new certificates and keys for encrypting Internet traffic, which would render stolen keys useless.
That will be time-consuming, said Barrett Lyon, chief technology officer of cybersecurity firm Defence.Net Inc. "There's going to be lots of chaotic mess," he said.
Symantec Corp and GoDaddy, two major providers of SSL technology, said they do not charge for reissuing keys.
Mark Maxey, a director with cybersecurity firm Accuvant, said it is no easy task for large organisations to implement the multiple steps to clean up the bug, which means it will take some a long time to do so.
"Due to the complexity and difficulty in upgrading many of the affected systems, this vulnerability will be on the radar for attackers for years to come," he said.
Hypponen of F-Secure said computer users could immediately change passwords on accounts, but they would have to do so again if their operators notify them that they are vulnerable.
"Take care of the passwords that are very important to you," he said. "Maybe change them now, maybe change them in a week. And if you are worried about your credit cards, check your credit card bills very closely."
Below is the official statement from DBS:
We are not affected by this vulnerability and have multiple layers of security in place to protect our customers. Some of our security measures include the encryption of iBanking usernames and passwords as well as the use of 2FA for online banking transactions.
We understand that security is a key concern for internet banking users, and DBS is committed to providing our customers with a safe and secure online banking environment. Other than having the right authentication and security in place, we also offer a Money Safe guarantee to protect customers from unauthorized online transactions for both internet and mobile banking.
As a best practice, we encourage customers to change their passwords regularly for all types of online accounts. If the customer suspects that his Internet Banking User Identifier, PIN or token has been compromised or any suspicious activities on his account, he should contact DBS immediately at 1800-111-1111.